package com.qianya.weishi_server.config.security;


import com.qianya.weishi_server.config.cache.CacheService;
import com.qianya.weishi_server.common.result.GenericErrorCode;
import com.qianya.weishi_server.common.exception.GenericException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

import javax.annotation.Resource;
import java.util.Collection;

/**
 * @author LLL
 */
@Slf4j
@Component
public class UrlAccessDecisionManager implements AccessDecisionManager {

    @Resource
    private CacheService cacheService;

    @Override
    public void decide(Authentication auth, Object o, Collection<ConfigAttribute> cas) throws AccessDeniedException, InsufficientAuthenticationException {
        for (ConfigAttribute ca : cas) {
            //当前请求需要的权限
            String permissionCode = ca.getAttribute();
            log.debug("need permission: {}", permissionCode);
            if ("_none".equals(permissionCode)) {
                // 资源未配置拦截直接通过
                return;
                //throw new GenericException(GenericErrorCode.OBJECT_NOT_FOUND);
            }
            //当前用户所具有的权限
        }
        throw new GenericException(GenericErrorCode.FORBIDDEN);
    }

    @Override
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return true;
    }
}
